Merge branch '6.4' into 7.1

* 6.4:
  Work around parse_url() bug (bis)
  Bump Symfony version to 6.4.16
  fix PHP 7.2 compatibility
  silence PHP warnings issued by Redis::connect()
  Update VERSION for 6.4.15
  Update CHANGELOG for 6.4.15
  Bump Symfony version to 5.4.48
  Update VERSION for 5.4.47
  Update CHANGELOG for 5.4.47
  [Routing] Fix: lost priority when defining hosts in configuration
  fix dumping tests to skip with data providers

Author: nicolas-grekas

CurlHttpClient.php

@@ -417,8 +417,9 @@ private static function createRedirectResolver(array $options, string $host, int
             }
         }
 
-        return static function ($ch, string $location, bool $noContent) use (&$redirectHeaders, $options) {
+        return static function ($ch, string $location, bool $noContent, bool &$locationHasHost) use (&$redirectHeaders, $options) {
             try {
+                $locationHasHost = false;
                 $location = self::parseUrl($location);
             } catch (InvalidArgumentException) {
                 return null;
@@ -430,9 +431,11 @@ private static function createRedirectResolver(array $options, string $host, int
                 $redirectHeaders['with_auth'] = array_filter($redirectHeaders['with_auth'], $filterContentHeaders);
             }
 
-            if ($redirectHeaders && $host = parse_url('http:'.$location['authority'], \PHP_URL_HOST)) {
-                $port = parse_url('http:'.$location['authority'], \PHP_URL_PORT) ?: ('http:' === $location['scheme'] ? 80 : 443);
-                $requestHeaders = $redirectHeaders['host'] === $host && $redirectHeaders['port'] === $port ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
+            $locationHasHost = isset($location['authority']);
+
+            if ($redirectHeaders && $locationHasHost) {
+                $port = parse_url($location['authority'], \PHP_URL_PORT) ?: ('http:' === $location['scheme'] ? 80 : 443);
+                $requestHeaders = parse_url($location['authority'], \PHP_URL_HOST) === $redirectHeaders['host']  && $redirectHeaders['port'] === $port ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
                 curl_setopt($ch, \CURLOPT_HTTPHEADER, $requestHeaders);
             } elseif ($noContent && $redirectHeaders) {
                 curl_setopt($ch, \CURLOPT_HTTPHEADER, $redirectHeaders['with_auth']);

HttpClientTrait.php

@@ -626,29 +626,37 @@ private static function resolveUrl(array $url, ?array $base, array $queryDefault
      */
     private static function parseUrl(string $url, array $query = [], array $allowedSchemes = ['http' => 80, 'https' => 443]): array
     {
-        if (false === $parts = parse_url($url)) {
-            if ('/' !== ($url[0] ?? '') || false === $parts = parse_url($url.'#')) {
-                throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));
-            }
-            unset($parts['fragment']);
+        $tail = '';
+
+        if (false === $parts = parse_url(\strlen($url) !== strcspn($url, '?#') ? $url : $url.$tail = '#')) {
+            throw new InvalidArgumentException(sprintf('Malformed URL "%s".', $url));
         }
 
         if ($query) {
             $parts['query'] = self::mergeQueryString($parts['query'] ?? null, $query, true);
         }
 
+        $scheme = $parts['scheme'] ?? null;
+        $host = $parts['host'] ?? null;
+
+        if (!$scheme && $host && !str_starts_with($url, '//')) {
+            $parts = parse_url(':/'.$url.$tail);
+            $parts['path'] = substr($parts['path'], 2);
+            $scheme = $host = null;
+        }
+
         $port = $parts['port'] ?? 0;
 
-        if (null !== $scheme = $parts['scheme'] ?? null) {
+        if (null !== $scheme) {
             if (!isset($allowedSchemes[$scheme = strtolower($scheme)])) {
-                throw new InvalidArgumentException(sprintf('Unsupported scheme in "%s".', $url));
+                throw new InvalidArgumentException(sprintf('Unsupported scheme in "%s": "%s" expected.', $url, implode('" or "', array_keys($allowedSchemes))));
             }
 
             $port = $allowedSchemes[$scheme] === $port ? 0 : $port;
             $scheme .= ':';
         }
 
-        if (null !== $host = $parts['host'] ?? null) {
+        if (null !== $host) {
             if (!\defined('INTL_IDNA_VARIANT_UTS46') && preg_match('/[\x80-\xFF]/', $host)) {
                 throw new InvalidArgumentException(sprintf('Unsupported IDN "%s", try enabling the "intl" PHP extension or running "composer require symfony/polyfill-intl-idn".', $host));
             }
@@ -676,7 +684,7 @@ private static function parseUrl(string $url, array $query = [], array $allowedS
             'authority' => null !== $host ? '//'.(isset($parts['user']) ? $parts['user'].(isset($parts['pass']) ? ':'.$parts['pass'] : '').'@' : '').$host : null,
             'path' => isset($parts['path'][0]) ? $parts['path'] : null,
             'query' => isset($parts['query']) ? '?'.$parts['query'] : null,
-            'fragment' => isset($parts['fragment']) ? '#'.$parts['fragment'] : null,
+            'fragment' => isset($parts['fragment']) && !$tail ? '#'.$parts['fragment'] : null,
         ];
     }
 

NativeHttpClient.php

@@ -389,6 +389,7 @@ private static function createRedirectResolver(array $options, string $host, str
                 return null;
             }
 
+            $locationHasHost = isset($url['authority']);
             $url = self::resolveUrl($url, $info['url']);
             $info['redirect_url'] = implode('', $url);
 
@@ -422,7 +423,7 @@ private static function createRedirectResolver(array $options, string $host, str
 
             [$host, $port] = self::parseHostPort($url, $info);
 
-            if (false !== (parse_url($location.'#', \PHP_URL_HOST) ?? false)) {
+            if ($locationHasHost) {
                 // Authorization and Cookie headers MUST NOT follow except for the initial host name
                 $requestHeaders = $redirectHeaders['host'] === $host && $redirectHeaders['port'] === $port ? $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
                 $requestHeaders[] = 'Host: '.$host.$port;

Response/CurlResponse.php

@@ -425,17 +425,18 @@ private static function parseHeaderLine($ch, string $data, array &$info, array &
                 $info['http_method'] = 'HEAD' === $info['http_method'] ? 'HEAD' : 'GET';
                 curl_setopt($ch, \CURLOPT_CUSTOMREQUEST, $info['http_method']);
             }
+            $locationHasHost = false;
 
-            if (null === $info['redirect_url'] = $resolveRedirect($ch, $location, $noContent)) {
+            if (null === $info['redirect_url'] = $resolveRedirect($ch, $location, $noContent, $locationHasHost)) {
                 $options['max_redirects'] = curl_getinfo($ch, \CURLINFO_REDIRECT_COUNT);
                 curl_setopt($ch, \CURLOPT_FOLLOWLOCATION, false);
                 curl_setopt($ch, \CURLOPT_MAXREDIRS, $options['max_redirects']);
-            } else {
-                $url = parse_url($location ?? ':');
+            } elseif ($locationHasHost) {
+                $url = parse_url($info['redirect_url']);
 
-                if (isset($url['host']) && null !== $ip = $multi->dnsCache->hostnames[$url['host'] = strtolower($url['host'])] ?? null) {
+                if (null !== $ip = $multi->dnsCache->hostnames[$url['host'] = strtolower($url['host'])] ?? null) {
                     // Populate DNS cache for redirects if needed
-                    $port = $url['port'] ?? ('http' === ($url['scheme'] ?? parse_url(curl_getinfo($ch, \CURLINFO_EFFECTIVE_URL), \PHP_URL_SCHEME)) ? 80 : 443);
+                    $port = $url['port'] ?? ('http' === $url['scheme'] ? 80 : 443);
                     curl_setopt($ch, \CURLOPT_RESOLVE, ["{$url['host']}:$port:$ip"]);
                     $multi->dnsCache->removals["-{$url['host']}:$port"] = "-{$url['host']}:$port";
                 }

Tests/HttpClientTestCase.php

@@ -490,6 +490,15 @@ public function testNoPrivateNetworkWithResolve()
         $client->request('GET', 'http://symfony.com', ['resolve' => ['symfony.com' => '127.0.0.1']]);
     }
 
+    public function testNoRedirectWithInvalidLocation()
+    {
+        $client = $this->getHttpClient(__FUNCTION__);
+
+        $response = $client->request('GET', 'http://localhost:8057/302-no-scheme');
+
+        $this->assertSame(302, $response->getStatusCode());
+    }
+
     /**
      * @dataProvider getRedirectWithAuthTests
      */

Tests/HttpClientTraitTest.php

@@ -214,6 +214,7 @@ public static function provideResolveUrl(): array
             [self::RFC3986_BASE, 'g/../h',        'http://a/b/c/h'],
             [self::RFC3986_BASE, 'g;x=1/./y',     'http://a/b/c/g;x=1/y'],
             [self::RFC3986_BASE, 'g;x=1/../y',    'http://a/b/c/y'],
+            [self::RFC3986_BASE, 'g/h:123/i',     'http://a/b/c/g/h:123/i'],
             // dot-segments in the query or fragment
             [self::RFC3986_BASE, 'g?y/./x',       'http://a/b/c/g?y/./x'],
             [self::RFC3986_BASE, 'g?y/../x',      'http://a/b/c/g?y/../x'],
@@ -239,14 +240,14 @@ public static function provideResolveUrl(): array
     public function testResolveUrlWithoutScheme()
     {
         $this->expectException(InvalidArgumentException::class);
-        $this->expectExceptionMessage('Invalid URL: scheme is missing in "//localhost:8080". Did you forget to add "http(s)://"?');
+        $this->expectExceptionMessage('Unsupported scheme in "localhost:8080": "http" or "https" expected.');
         self::resolveUrl(self::parseUrl('localhost:8080'), null);
     }
 
-    public function testResolveBaseUrlWitoutScheme()
+    public function testResolveBaseUrlWithoutScheme()
     {
         $this->expectException(InvalidArgumentException::class);
-        $this->expectExceptionMessage('Invalid URL: scheme is missing in "//localhost:8081". Did you forget to add "http(s)://"?');
+        $this->expectExceptionMessage('Unsupported scheme in "localhost:8081": "http" or "https" expected.');
         self::resolveUrl(self::parseUrl('/foo'), self::parseUrl('localhost:8081'));
     }
 

composer.json

@@ -25,7 +25,7 @@
         "php": ">=8.2",
         "psr/log": "^1|^2|^3",
         "symfony/deprecation-contracts": "^2.5|^3",
-        "symfony/http-client-contracts": "^3.4.1",
+        "symfony/http-client-contracts": "^3.4.3",
         "symfony/service-contracts": "^2.5|^3"
     },
     "require-dev": {